Received: by 2002:ab2:b82:0:b0:1f3:401:3cfb with SMTP id 2csp342935lqh; Thu, 28 Mar 2024 04:02:13 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV3VVZIL24POSddOwMNWTRXdL/DFj8LRjDspSaa8izAbpIhAu64RYvqB+h/eYL1lnjy8bJSSvXxpvoSiH0glYTCsfqG11ns/8X8xoBd/g== X-Google-Smtp-Source: AGHT+IHoeyR4MOqNLLhR6R0o7Ur/6gHro37RoHkurvqpu7vUxpRiqZnQQC3vUlnWZJt9keKS6SJN X-Received: by 2002:a05:6602:88b:b0:7cc:1cb:2bfa with SMTP id f11-20020a056602088b00b007cc01cb2bfamr2895498ioz.11.1711623732914; Thu, 28 Mar 2024 04:02:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711623732; cv=pass; d=google.com; s=arc-20160816; b=AeDyXpFIDMo3yzK9yIKcmOf1hp026/Wl+aaw6N/m0EcyAiNJOP5PrzMRQHu0EoxIbw i2oHpDC/Vcoj3u8XNy79iY25bVJUcyp8mniWJn/9XpnraJPM1IjadquKudXLUAMVZmfJ Q3YgCpVLgulQ9Owj0rDezeV+yFwqX4M8jaVIT2DdYbD9c6vpKDwMQuKUud6nX6443yJX 5YCMavvnZQnEKE+p8dnRsirDf0DrFkyihYPRQktB4mMw2smHrBWIwZ7VIx/dwhui+VUL cn0aakNFeyXhK6tlGZAKRCCDx8utY5W9JP/HAr2ZNszwqQlNrDZ6zlg+xtNCJx5tLcB/ AF+Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id; bh=FvgreL5mjZkplfIY1hL8gG15k7sLI7W+6IED4QQKbmw=; fh=q1V3q1FbKzyNLWB2PMMkMsDkCu4t6uoYqMiWJjv9D98=; b=NY4T6n24apzC2E0R3SCXKDM58wQZ5nl2gQQ4crmzkfU5SkuxupxZGwv3XgkiAiNjJV y/JGm0abQnT8kLAYffaTlUsQo7TODbneHijRXa1kfdr8GicGxnJrt4lzKifheSd+WpPV t/KAlG2mYhXPSu7uuAUAH7wcN3OPNpY1T43eLHFvgWrndDmCgseAJ6RxuCPZRP/67uON Yu2crqXztTo00hjN1HbN5y0fACMJdYYd52KmtJdgJPNWX4hpq+I/zLs8ex00bE9Le5po FoScBPadRLS1eqWWv4cb4GLaeFOACq8WhfuLOvKgN6tydjN3Rl7U1dTUXddZJaURV1jM rnCg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-122795-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-122795-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id i133-20020a636d8b000000b005d2520bdefbsi1214243pgc.208.2024.03.28.04.02.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Mar 2024 04:02:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-122795-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-122795-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-122795-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 0448CB21D9A for ; Thu, 28 Mar 2024 10:54:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 405FE7D41B; Thu, 28 Mar 2024 10:54:07 +0000 (UTC) Received: from frasgout11.his.huawei.com (frasgout11.his.huawei.com [14.137.139.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 973054C62E; Thu, 28 Mar 2024 10:54:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=14.137.139.23 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711623246; cv=none; b=PmSF7i1Zmrzfir/+WP6YWFx91Y7GCdbpsZ4TxEpR1ZpAmBLfdR3o8uZ+rYg/7m92hrCAgSegyvIIppel/52n17T7PE5y0KBS2cSlo1G7kzUkA9WHLTj0CxmePn8Ch24PJCZcSBxNKrdrHNTg4/zAs9lDpZeVGOy2oOnLk9kl7cc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711623246; c=relaxed/simple; bh=YQRBwIKyXMFpVXmOargCtb2gMHL7sG7XI5XG2RQxFsM=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=I1xsb2B5fuvSVeM/WLEdVV0vu79eygLpMRqdLHfc4EVmZ5IatG8aEboWshAfC5rzhka+tu5FoJbtQpi6lMMOeYGrISVCx1ppW2dxH8zAmHCWRChOeI/3BLLVu2GGji/fPdpMGGTHOtPv6Vtq1YYPZPIW1HRqqvxra2ZNkLbuW7c= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com; spf=pass smtp.mailfrom=huaweicloud.com; arc=none smtp.client-ip=14.137.139.23 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huaweicloud.com Received: from mail.maildlp.com (unknown [172.18.186.51]) by frasgout11.his.huawei.com (SkyGuard) with ESMTP id 4V50Nw6SYJz9xqx4; Thu, 28 Mar 2024 18:37:52 +0800 (CST) Received: from mail02.huawei.com (unknown [7.182.16.27]) by mail.maildlp.com (Postfix) with ESMTP id 3F8F2140417; Thu, 28 Mar 2024 18:53:55 +0800 (CST) Received: from [10.81.200.225] (unknown [10.81.200.225]) by APP2 (Coremail) with SMTP id GxC2BwAnEyc4TAVmFhodBQ--.8703S2; Thu, 28 Mar 2024 11:53:54 +0100 (CET) Message-ID: <4a0b28ba-be57-4443-b91e-1a744a0feabf@huaweicloud.com> Date: Thu, 28 Mar 2024 12:53:40 +0200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: kernel crash in mknod To: Christian Brauner , Roberto Sassu Cc: Al Viro , Steve French , LKML , linux-fsdevel , CIFS , Paulo Alcantara , Christian Brauner , Mimi Zohar , Paul Moore , "linux-integrity@vger.kernel.org" , "linux-security-module@vger.kernel.org" References: <20240324054636.GT538574@ZenIV> <3441a4a1140944f5b418b70f557bca72@huawei.com> <20240325-beugen-kraftvoll-1390fd52d59c@brauner> <20240326-halbkreis-wegstecken-8d5886e54d28@brauner> Content-Language: en-US From: Roberto Sassu In-Reply-To: <20240326-halbkreis-wegstecken-8d5886e54d28@brauner> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-CM-TRANSID:GxC2BwAnEyc4TAVmFhodBQ--.8703S2 X-Coremail-Antispam: 1UD129KBjvdXoW7GF1rZw48CryDurW8GFy8Zrb_yoWkArc_Cr s0ya4UG3y7ur93AF47WF1SgrZxAFWagry7CrWkKFy7t34DJrs8JFZ0vr93Wr1UWFWfGFnI kryDAa40kry2vjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUb78YFVCjjxCrM7AC8VAFwI0_Gr0_Xr1l1xkIjI8I6I8E6xAIw20E Y4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwV A0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWUJVWUCwA2z4x0Y4vE2Ix0cI8IcVCY1x02 67AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIE14v26r4j6F4UM28EF7xvwVC2z280aVCY1x0267 AKxVW8JVW8Jr1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2 j2WlYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7x kEbVWUJVW8JwACjcxG0xvEwIxGrwACI402YVCY1x02628vn2kIc2xKxwCF04k20xvY0x0E wIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r1j6r18MI8I3I0E74 80Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jw0_GFylIxkGc2Ij64vIr41lIxAIcVC0 I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Gr0_Cr1lIxAIcVCF04 k26cxKx2IYs7xG6rW3Jr0E3s1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2z280aVCY 1x0267AKxVW8JVW8JrUvcSsGvfC2KfnxnUUI43ZEXa7IU1zuWJUUUUU== X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQAQBF1jj5vkfAAAsn On 3/26/2024 12:40 PM, Christian Brauner wrote: >> we can change the parameter of security_path_post_mknod() from >> dentry to inode? > > If all current callers only operate on the inode then it seems the best > to only pass the inode. If there's some reason someone later needs a > dentry the hook can always be changed. Ok, so the crash is likely caused by: void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) I guess we can also simply check if there is an inode attached to the dentry, to minimize the changes. I can do both. More technical question, do I need to do extra checks on the dentry before calling security_path_post_mknod()? Thanks Roberto > For bigger changes it's also worthwhile if the object that's passed down > into the hook-based LSM layer is as specific as possible. If someone > does a change that affects lifetime rules of mounts then any hook that > takes a struct path argument that's unused means going through each LSM > that implements the hook only to find out it's not actually used. > Similar for dentry vs inode imho.